HTTP TRACE Method Vulnerability in HP Universal CMDB Probe
CVE-2014-7883

Currently unrated

Key Information:

Vendor: HP
Status: Universal Configuration Management Database
Vendor: CVE Published:; 15 February 2015

Summary

The HP Universal Configuration Management Database (UCMDB) Probe has a significant security concern relating to the HTTP TRACE method. This functionality can allow remote attackers to exploit the system, enabling them to retrieve sensitive information by reading the headers of the server's response. This exposure can lead to potential unauthorized access to critical data, underscoring the importance of securing HTTP methods to safeguard user information.

References

http://www.kb.cert.org/vuls/id/867593

third-party-advisoryx_refsource_CERT-VN

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/doc...

vendor-advisoryx_refsource_HP

http://www.securitytracker.com/id/1031688

vdb-entryx_refsource_SECTRACK

EPSS Score

42% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Feb 15, 2015
Vulnerability Reserved
Oct 6, 2014